Jenkins Azure Service Fabric Plugin
0 remedies
0 remedies
- <= 1.6
Jenkins Azure Service Fabric Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
Patched
A cross-site request forgery (CSRF) vulnerability exists in Jenkins Azure Service Fabric Plugin versions through 1.6. This vulnerability allows attackers to connect to a Service Fabric URL using credentials IDs specified by the attacker, which could be obtained through other means. Additionally, the plugin does not perform proper permission checks in several HTTP endpoints, enabling credential ID enumeration of Azure credentials stored in Jenkins.
Impact
Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of the user, such as connecting to a Service Fabric URL with attacker-specified credentials, potentially allowing for further exploitation or credential capture using other vulnerabilities.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
5.7impact
0.0exploitability
4.9remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.